Glitches in the expr engine?

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Tue Mar 7 18:03:59 CET 2017


>> Would it be safe to say that if I add another check into the output to send a reject if the output contains a { or a } (which it never should), it should be acceptable?
> 
> I'm pretty sure it's only an issue if it's '}'.  But sure...

Well, if I use '%{' in the string and escape the % with a \, I get 'rad_expand_xlat: Invalid variable expansion passed as argument' as error message, but the output is nothing, which of course means nothing gets set.

So I guess it's only if the } gets involved that things go badly wrong (i.e. that the resulting attribute contains a }, part of the salt, and part of the host/realm/COI name).

I'll submit a PR for the updates.

Ta!

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170307/2578e1b1/attachment-0001.sig>


More information about the Freeradius-Users mailing list